1. 06 Jan, 2018 1 commit
  2. 05 Jan, 2018 1 commit
  3. 22 Dec, 2017 2 commits
  4. 21 Dec, 2017 2 commits
  5. 18 Dec, 2017 7 commits
  6. 15 Dec, 2017 1 commit
    • Lan Tianyu's avatar
      KVM/x86: Check input paging mode when cs.l is set · f2981033
      Lan Tianyu authored
      Reported by syzkaller:
          WARNING: CPU: 0 PID: 27962 at arch/x86/kvm/emulate.c:5631 x86_emulate_insn+0x557/0x15f0 [kvm]
          Modules linked in: kvm_intel kvm [last unloaded: kvm]
          CPU: 0 PID: 27962 Comm: syz-executor Tainted: G    B   W        4.15.0-rc2-next-20171208+ #32
          Hardware name: Intel Corporation S1200SP/S1200SP, BIOS S1200SP.86B.01.03.0006.040720161253 04/07/2016
          RIP: 0010:x86_emulate_insn+0x557/0x15f0 [kvm]
          RSP: 0018:ffff8807234476d0 EFLAGS: 00010282
          RAX: 0000000000000000 RBX: ffff88072d0237a0 RCX: ffffffffa0065c4d
          RDX: 1ffff100e5a046f9 RSI: 0000000000000003 RDI: ffff88072d0237c8
          RBP: ffff880723447728 R08: ffff88072d020000 R09: ffffffffa008d240
          R10: 0000000000000002 R11: ffffed00e7d87db3 R12: ffff88072d0237c8
          R13: ffff88072d023870 R14: ffff88072d0238c2 R15: ffffffffa008d080
          FS:  00007f8a68666700(0000) GS:ffff880802200000(0000) knlGS:0000000000000000
          CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
          CR2: 000000002009506c CR3: 000000071fec4005 CR4: 00000000003626f0
          Call Trace:
           x86_emulate_instruction+0x3bc/0xb70 [kvm]
           ? reexecute_instruction.part.162+0x130/0x130 [kvm]
           vmx_handle_exit+0x46d/0x14f0 [kvm_intel]
           ? trace_event_raw_event_kvm_entry+0xe7/0x150 [kvm]
           ? handle_vmfunc+0x2f0/0x2f0 [kvm_intel]
           ? wait_lapic_expire+0x25/0x270 [kvm]
           vcpu_enter_guest+0x720/0x1ef0 [kvm]
           ...
      
      When CS.L is set, vcpu should run in the 64 bit paging mode.
      Current kvm set_sregs function doesn't have such check when
      userspace inputs sreg values. This will lead unexpected behavior.
      This patch is to add checks for CS.L, EFER.LME, EFER.LMA and
      CR4.PAE when get SREG inputs from userspace in order to avoid
      unexpected behavior.
      Suggested-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Jim Mattson <jmattson@google.com>
      Signed-off-by: default avatarTianyu Lan <tianyu.lan@intel.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      f2981033
  7. 14 Dec, 2017 13 commits
  8. 11 Dec, 2017 1 commit
  9. 10 Dec, 2017 9 commits
    • Jeff Layton's avatar
      hpfs: don't bother with the i_version counter or f_version · 98087c05
      Jeff Layton authored
      HPFS does not set SB_I_VERSION and does not use the i_version counter
      internally.
      Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
      Signed-off-by: default avatarMikulas Patocka <mikulas@twibright.com>
      Reviewed-by: default avatarMikulas Patocka <mikulas@twibright.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      98087c05
    • Jiri Slaby's avatar
      futex: futex_wake_op, fix sign_extend32 sign bits · d70ef228
      Jiri Slaby authored
      sign_extend32 counts the sign bit parameter from 0, not from 1.  So we
      have to use "11" for 12th bit, not "12".
      
      This mistake means we have not allowed negative op and cmp args since
      commit 30d6e0a4 ("futex: Remove duplicated code and fix undefined
      behaviour") till now.
      
      Fixes: 30d6e0a4 ("futex: Remove duplicated code and fix undefined behaviour")
      Signed-off-by: default avatarJiri Slaby <jslaby@suse.cz>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Darren Hart <dvhart@infradead.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d70ef228
    • Linus Torvalds's avatar
      Merge tag 'for-4.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux · 51090c5d
      Linus Torvalds authored
      Pull btrfs fixes from David Sterba:
       "This contains a few fixes (error handling, quota leak, FUA vs
        nobarrier mount option).
      
        There's one one worth mentioning separately - an off-by-one fix that
        leads to overwriting first byte of an adjacent page with 0, out of
        bounds of the memory allocated by an ioctl. This is under a privileged
        part of the ioctl, can be triggerd in some subvolume layouts"
      
      * tag 'for-4.15-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux:
        btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
        Btrfs: disable FUA if mounted with nobarrier
        btrfs: fix missing error return in btrfs_drop_snapshot
        btrfs: handle errors while updating refcounts in update_ref_for_cow
        btrfs: Fix quota reservation leak on preallocated files
      51090c5d
    • Linus Torvalds's avatar
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 9c02e060
      Linus Torvalds authored
      Pull ARM SoC fixes from Olof Johansson:
      
       - A revert of all SCPI changes from the 4.15 merge window. They had
         regressions on the Amlogic platforms, and the submaintainer isn't
         around to fix these bugs due to vacation, etc. So we agreed to revert
         and revisit in next release cycle.
      
       - A series fixing a number of bugs for ARM CCN interconnect, around
         module unload, smp_processor_id() in preemptable context, and fixing
         some memory allocation failure checks.
      
       - A handful of devicetree fixes for different platforms, fixing
         warnings and errors that were previously ignored by the compiler.
      
       - The usual set of mostly minor fixes for different platforms.
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (42 commits)
        ARM64: dts: meson-gx: fix UART pclk clock name
        ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds
        arm: dts: nspire: Add missing #phy-cells to usb-nop-xceiv
        ARM: dts: Fix dm814x missing phy-cells property
        ARM: dts: Fix elm interrupt compiler warning
        bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
        bus: arm-cci: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Simplify code
        bus: arm-ccn: Check memory allocation failure
        bus: arm-ccn: constify attribute_group structures.
        firmware: arm_scpi: Revert updates made during v4.15 merge window
        arm: dts: marvell: Add missing #phy-cells to usb-nop-xceiv
        arm64: dts: sort vendor subdirectories in Makefile alphabetically
        meson-gx-socinfo: Fix package id parsing
        ARM: meson: fix spelling mistake: "Couln't" -> "Couldn't"
        ARM: dts: meson: fix the memory region of the GPIO interrupt controller
        ARM: dts: meson: correct the sort order for the the gpio_intc node
        MAINTAINERS: exclude other Socionext SoC DT files from ARM/UNIPHIER entry
        arm64: dts: uniphier: remove unnecessary interrupt-parent
        ...
      9c02e060
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · c465fc11
      Linus Torvalds authored
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - A number of issues in the vgic discovered using SMATCH
         - A bit one-off calculation in out stage base address mask (32-bit
           and 64-bit)
         - Fixes to single-step debugging instructions that trap for other
           reasons such as MMMIO aborts
         - Printing unavailable hyp mode as error
         - Potential spinlock deadlock in the vgic
         - Avoid calling vgic vcpu free more than once
         - Broken bit calculation for big endian systems
      
       s390:
         - SPDX tags
         - Fence storage key accesses from problem state
         - Make sure that irq_state.flags is not used in the future
      
        x86:
         - Intercept port 0x80 accesses to prevent host instability (CVE)
         - Use userspace FPU context for guest FPU (mainly an optimization
           that fixes a double use of kernel FPU)
         - Do not leak one page per module load
         - Flush APIC page address cache from MMU invalidation notifiers"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
        KVM: x86: fix APIC page invalidation
        KVM: s390: Fix skey emulation permission check
        KVM: s390: mark irq_state.flags as non-usable
        KVM: s390: Remove redundant license text
        KVM: s390: add SPDX identifiers to the remaining files
        KVM: VMX: fix page leak in hardware_setup()
        KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
        x86,kvm: remove KVM emulator get_fpu / put_fpu
        x86,kvm: move qemu/guest FPU switching out to vcpu_run
        KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion
        KVM: arm/arm64: kvm_arch_destroy_vm cleanups
        KVM: arm/arm64: Fix spinlock acquisition in vgic_set_owner
        kvm: arm: don't treat unavailable HYP mode as an error
        KVM: arm/arm64: Avoid attempting to load timer vgic state without a vgic
        kvm: arm64: handle single-step of hyp emulated mmio instructions
        kvm: arm64: handle single-step during SError exceptions
        kvm: arm64: handle single-step of userspace mmio instructions
        kvm: arm64: handle single-stepping trapped instructions
        KVM: arm/arm64: debug: Introduce helper for single-step
        arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
        ...
      c465fc11
    • Olof Johansson's avatar
      Merge branch 'fixes' into for-next · 8be0b988
      Olof Johansson authored
      * fixes:
        ARM64: dts: meson-gx: fix UART pclk clock name
        ARM: dts: Fix dm814x missing phy-cells property
        ARM: dts: Fix elm interrupt compiler warning
        bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
        bus: arm-cci: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Simplify code
        bus: arm-ccn: Check memory allocation failure
        bus: arm-ccn: constify attribute_group structures.
        meson-gx-socinfo: Fix package id parsing
        ARM: meson: fix spelling mistake: "Couln't" -> "Couldn't"
        ARM: dts: meson: fix the memory region of the GPIO interrupt controller
        ARM: dts: meson: correct the sort order for the the gpio_intc node
      8be0b988
    • Olof Johansson's avatar
      Merge tag 'amlogic-fixes-1' of... · ce39882e
      Olof Johansson authored
      Merge tag 'amlogic-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into fixes
      
      Amlogic fixes for v4.15-rc
      - GPIO interrupt fixes
      - socinfo fix for GX series
      - fix typo
      
      * tag 'amlogic-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic:
        ARM64: dts: meson-gx: fix UART pclk clock name
        meson-gx-socinfo: Fix package id parsing
        ARM: meson: fix spelling mistake: "Couln't" -> "Couldn't"
        ARM: dts: meson: fix the memory region of the GPIO interrupt controller
        ARM: dts: meson: correct the sort order for the the gpio_intc node
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      ce39882e
    • Olof Johansson's avatar
      Merge tag 'ccn/fixes-for-4.15' of git://git.linaro.org/people/pawel.moll/linux into fixes · 3dda7f63
      Olof Johansson authored
      bus: ARM CCN and CCI PMU driver fixes
      
      This is a bunch of fixes CCN and (guest starring this time) CCI drivers.
      
      * Check for potential of failed allocation for the driver name string
      * Manage CPU ID properly at allocation (both CCN and CCI)
      * Fix module unload warnings related to objects release order
      * Small improvements like using allocating printfs and proper
        attributes constification
      
      The one fixing potential issues have been cc-ed to stable.
      
      * tag 'ccn/fixes-for-4.15' of git://git.linaro.org/people/pawel.moll/linux:
        bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left.
        bus: arm-cci: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Fix use of smp_processor_id() in preemptible context
        bus: arm-ccn: Simplify code
        bus: arm-ccn: Check memory allocation failure
        bus: arm-ccn: constify attribute_group structures.
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      3dda7f63
    • Olof Johansson's avatar
      Merge tag 'omap-for-v4.15/fixes-dt-warnings' of... · 69b8df5d
      Olof Johansson authored
      Merge tag 'omap-for-v4.15/fixes-dt-warnings' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
      
      Two fixes for dts compiler warnings
      
      These recently started showing up with better dtc checks being
      introduced.
      
      * tag 'omap-for-v4.15/fixes-dt-warnings' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
        ARM: dts: Fix dm814x missing phy-cells property
        ARM: dts: Fix elm interrupt compiler warning
      Signed-off-by: default avatarOlof Johansson <olof@lixom.net>
      69b8df5d
  10. 09 Dec, 2017 1 commit
  11. 08 Dec, 2017 2 commits
    • Michal Hocko's avatar
      kmemcheck: rip it out for real · f335195a
      Michal Hocko authored
      Commit 4675ff05 ("kmemcheck: rip it out") has removed the code but
      for some reason SPDX header stayed in place.  This looks like a rebase
      mistake in the mmotm tree or the merge mistake.  Let's drop those
      leftovers as well.
      Signed-off-by: default avatarMichal Hocko <mhocko@suse.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      f335195a
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · e9ef1fe3
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) CAN fixes from Martin Kelly (cancel URBs properly in all the CAN usb
          drivers).
      
       2) Revert returning -EEXIST from __dev_alloc_name() as this propagates
          to userspace and broke some apps. From Johannes Berg.
      
       3) Fix conn memory leaks and crashes in TIPC, from Jon Malloc and Cong
          Wang.
      
       4) Gianfar MAC can't do EEE so don't advertise it by default, from
          Claudiu Manoil.
      
       5) Relax strict netlink attribute validation, but emit a warning. From
          David Ahern.
      
       6) Fix regression in checksum offload of thunderx driver, from Florian
          Westphal.
      
       7) Fix UAPI bpf issues on s390, from Hendrik Brueckner.
      
       8) New card support in iwlwifi, from Ihab Zhaika.
      
       9) BBR congestion control bug fixes from Neal Cardwell.
      
      10) Fix port stats in nfp driver, from Pieter Jansen van Vuuren.
      
      11) Fix leaks in qualcomm rmnet, from Subash Abhinov Kasiviswanathan.
      
      12) Fix DMA API handling in sh_eth driver, from Thomas Petazzoni.
      
      13) Fix spurious netpoll warnings in bnxt_en, from Calvin Owens.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (67 commits)
        net: mvpp2: fix the RSS table entry offset
        tcp: evaluate packet losses upon RTT change
        tcp: fix off-by-one bug in RACK
        tcp: always evaluate losses in RACK upon undo
        tcp: correctly test congestion state in RACK
        bnxt_en: Fix sources of spurious netpoll warnings
        tcp_bbr: reset long-term bandwidth sampling on loss recovery undo
        tcp_bbr: reset full pipe detection on loss recovery undo
        tcp_bbr: record "full bw reached" decision in new full_bw_reached bit
        sfc: pass valid pointers from efx_enqueue_unwind
        gianfar: Disable EEE autoneg by default
        tcp: invalidate rate samples during SACK reneging
        can: peak/pcie_fd: fix potential bug in restarting tx queue
        can: usb_8dev: cancel urb on -EPIPE and -EPROTO
        can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
        can: esd_usb2: cancel urb on -EPIPE and -EPROTO
        can: ems_usb: cancel urb on -EPIPE and -EPROTO
        can: mcba_usb: cancel urb on -EPROTO
        usbnet: fix alignment for frames with no ethernet header
        tcp: use current time in tcp_rcv_space_adjust()
        ...
      e9ef1fe3